From mboxrd@z Thu Jan 1 00:00:00 1970
From: Askar
Subject: Re: mangle squid packets
Date: Tue, 5 Jul 2005 23:18:16 +0500
References: <42C5A815.8040301@lanhelp.com.br>
Reply-To: Askar
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: netfilter-bounces@lists.netfilter.org
To: Jan Engelhardt
Cc: netfilter@lists.netfilter.org

Before marking squid packets you have to define a route with the "ip" iproute2 command; more info can be found on www.lartc.org. Below is an example of iproute + iptables for your firewall machine.

echo 112 squid.out >> /etc/iproute2/rt_tables
ip rule add fwmark 3 table squid.out
ip route add default via xxx.xxx.xxx.xx dev eth0 table squid.out
ip route flush cache
# replace xxx.xxx.xx with squid server ip

##### here is iptables part
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 3

regards
Askar
hope this helps

On 7/5/05, Jan Engelhardt wrote:
>
> >I don't know what mangle rule I need to mark squid transparent packets, I
> >have tried all the following (One at a time):
>
> Because Squid practically starts a new connection, you need special help
> from squid itself to mark outgoing packets based on incoming ones.
>
> This is done by TPROXY, a netfilter module from Balabit.com.
> Unfortunately, they do not have a version for 2.6.11 and up yet.
>
>
> Jan Engelhardt
> --
> | Alphagate Systems, http://alphagate.hopto.org/
>

--
I love deadlines. I like the whooshing sound they make as they fly by.
Douglas Adams
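The fwmark policy-routing setup from Askar's post, as an added example that is not part of the original message or of the netfilter project: it wraps the same commands in a script that only appends the rt_tables entry once (the plain `echo >>` in the post adds a duplicate line every time it is re-run) and can print the commands instead of running them. Table id 112, mark 3 and eth0 come from the post; the gateway address, the `DRY_RUN` switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent, dry-run-capable version of the post's setup.
set -eu

RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
DRY_RUN="${DRY_RUN:-0}"   # assumed switch: 1 = print commands, 0 = run them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Append "<id> <name>" to rt_tables only if neither that id nor that name
# is already listed, so re-running the script leaves the file unchanged.
ensure_rt_table() {
    file=$1; id=$2; name=$3
    if grep -Eq "^[[:space:]]*(${id}[[:space:]]+|[0-9]+[[:space:]]+${name}$)" "$file" 2>/dev/null; then
        return 0
    fi
    printf '%s %s\n' "$id" "$name" >> "$file"
}

# Policy route marked traffic to the squid box and mark port-80 traffic
# arriving on the LAN interface (gateway is a placeholder you must replace).
setup_squid_routing() {
    gw=$1; dev=$2; mark=$3; table=$4
    run ip rule add fwmark "$mark" table "$table"
    run ip route add default via "$gw" dev "$dev" table "$table"
    run ip route flush cache   # harmless no-op on kernels without a route cache
    run iptables -t mangle -A PREROUTING -i "$dev" -p tcp --dport 80 \
        -j MARK --set-mark "$mark"
}

# Usage when run directly (gateway 192.0.2.1 is a documentation placeholder):
#   ensure_rt_table "$RT_TABLES" 112 squid.out
#   setup_squid_routing 192.0.2.1 eth0 3 squid.out
```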